From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 15 Sep 2025 10:57:37 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-oa1-f55.google.com (mail-oa1-f55.google.com [209.85.160.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58F8vZqa009589 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 15 Sep 2025 10:57:36 +0200 Received: by mail-oa1-f55.google.com with SMTP id 586e51a60fabf-322f0a39f0bsf4847211fac.1 for ; Mon, 15 Sep 2025 01:57:36 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1757926650; cv=pass; d=google.com; s=arc-20240605; b=avPxTgVcdv5XSS8R59phbA6lWFUeBf04Oj9Q5S94WWaaP7Lr9Hxh3zwTdSwMP7aVF/ m1xDa0nJBZbwLyolTthjgGY/uryjNFmgEu0mOZRe+slBw4vPiT6fAsylXVSbDXVmzMkw yu+qg+NY5H4FQmMJ0nFhIzEK3RcQdw01SMzydSU9ZzE01d8euIDswPy241y1dzQRYcsE xv3cPZiZWoGvOGIye+LArp64nbLim9W7MgR5JYVzKjSrnlgZyJns9AK1WajTbAi6bFUD 0FzHOXfw5VP3DapGlI8DDJg3WtVAKPduGPGaPTyoTwNHRPBldaV9Gzq8a/nXPdC8CZwb GnlQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature; bh=TrlcVN6sSUZZLp0HJsbssEZJSHfSvMfGEbNlr+g5YCA=; fh=fF14UbzP10lMtJEcBKngiHD+VWjtJcCzYroiAKzk5KU=; b=lEbiFc2woV4lucGJZb4lVuoGWdVJOBHvyiyb3mx18z1ozHV4BQBlO4s9uhitEV9gwy y1rGE+0/51liL4bQ8V3TkMwPxGNez8iR0yhIYqNGTE45lxSdN3RxSgFCILWgDTHhtRZl ffGgsW+1foCwIWnZgH639u2mXqI9dfVeq6UIYV8BYZD/6GkaKTX3y7GgmLBCO5ifOBuj FZeJpNfA8sJjqCetIj8E/4WzmbjDGqybdKJAlurSVgAiJHZ4SJyTYdYjjlif0MSC5R5G b2G7FpSm8ORIzlcYbzvTj+eEoMJ5Vr/Nvw8radUpAZfOsx/HHg9e1DRR5kYRHyoQjkb2 fZ/w==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zRLOq1kz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757926650; x=1758531450; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TrlcVN6sSUZZLp0HJsbssEZJSHfSvMfGEbNlr+g5YCA=; b=o4aRfA17Ok72Ud40dP4SobauM0SJen/CTwnC63oFQJGTOXAX6Nbt20Y9llSxQOzHoz s10wQTQO0UUyuKj2kJ+JQx39ffymdQaZC02Osj29zfr/dTUY/tUMKd4H6aGNjWT36+Z5 8f8bQ6cULf1XoLGgAlvzxEw7E2IUwBbicx1XlBk5ahBcy0O3DBOR/JjeFa5r5BLt4QIu eJP8dwSAyKakH1gafZbRzAzrcm/xHhHvod+CXwhQinKCYBDUS11vNNyRocQFf/9V7+I5 +7Zd80nGQO45Mk/xmvWX5lAAQhKI6+FjEtwiudX6qQxwtqUJKgW6FDaZbGzyt4nGSMWr HBVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757926650; x=1758531450; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :content-transfer-encoding:content-id:user-agent:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:x-beenthere:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=TrlcVN6sSUZZLp0HJsbssEZJSHfSvMfGEbNlr+g5YCA=; b=Gzf/cwvpWXeUm0XRsJaXyFhq/0AOdHk1ph4gm8Kiywyp4YDaMZxC3hTGyUa1P97rQD KthUe59xFBjmpmqxDSKqLmUgGk47Wiu2iNF5CIrjNFh6NwEg5jd5VN240wJkjp8qNeKw +xEUZtdu4pst0gHyYrw5ZVkjiKpKAvkaBjDtVJCeKNIw/zRrPki/r44pqAUbMGCP4pfz b42NfZPxouSX+vYKB97NdtokIVZBmvbEGnOwOSnYZut8Rq3J9eY/dvcVQ8esAOgR9Vu3 GMHUG+uMlw6NihxkaJMaSbmKJI8gfPgpL0Lbbq/lBWvzmPgZchCodt5o4hInOuhxBVk4 UfMA== X-Forwarded-Encrypted: i=3; AJvYcCU2+LnnvpjGaFFWN21NdMdgeit8/MLA3Jas4Y2hr6dMJaJHkMdT1TPxgUkQxmmjnFAAcjL6@ilbers.de X-Gm-Message-State: AOJu0Yx/VPbw+xfM8uu/sge5uO2/KZNOx4b9DWG23fyxzD0JFbBJi6HI G+yZ2YgxO1RjH74pPkGklPEP7qBBR4gJzWUJBbcfdwJgIkR19pK7g6AF X-Google-Smtp-Source: AGHT+IFJtErk9oMsI8eR28QDjAorgEbNtryTu5I9DbIiordDtyEZeYuXOPCTQE3zgOqweWh6kZx0VQ== X-Received: by 2002:a05:6870:8318:b0:31d:6d55:7af3 with SMTP id 586e51a60fabf-32e56fddf41mr6328508fac.36.1757926649850; Mon, 15 Sep 2025 01:57:29 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd5ASviK0Vd6S/qs7dcjtvdncWSYDA66Je1kE2r8ggO+Ng== Received: by 2002:a05:6871:81ce:10b0:319:b48e:5e1f with SMTP id 586e51a60fabf-32d061155b9ls1763872fac.1.-pod-prod-03-us; Mon, 15 Sep 2025 01:57:28 -0700 (PDT) X-Received: by 2002:a05:6871:9f14:b0:32e:f4de:2db3 with SMTP id 586e51a60fabf-32ef4de3132mr5250529fac.0.1757926648260; Mon, 15 Sep 2025 01:57:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757926648; cv=pass; d=google.com; s=arc-20240605; b=al4wyueBXk5l8PkkUkSUycku0feiDuFHYYUo4dHwMa22sIJGo1effvdoCY+G9ZeZV9 Unxn5mHTEkJCVoQ8zvQSPjBggYHH3Zvcp/JACYv+c2jI94PKuz81RO3hI8JeM78D5ca0 Lp9tWRA94TG9D/nGs4jGqzB/ji9MU3/HdZdkphue8V+YfKyOVByowtILHZ0bQ63IrfVh r4ohZOsaK/mYLg2wN9E9Jat5y6UmwuhqekLYZng5ARoUOtK0cGpp89IHY0d8WUTbVBcw /mQxfRnhKAG8mvKDH9er06iYIMfatpzmTQqTwMsNWMYh6Wnust7Wpe3g7LmUO78P43z/ lCkg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:content-id:user-agent :content-language:accept-language:in-reply-to:references:message-id :date:thread-index:thread-topic:subject:cc:to:from:dkim-signature; bh=JCZoPoWRm317NlJmUCfXvcEVTLnLD7+nkkxmd3ycgvQ=; fh=u8HcUOoLGB1/T9FtB/Es1B2TsnrkCMkMR0jkqRlvapk=; b=UZtpBpi7Bsk074s5tx+PHcr1v+UMh7pwT0yH5TCEi8tlhF9YCxBGzR6Tq4deO7QHED 6VnxTQPPMxldTZRKThAUd55GQdsnerUyw2q3QyZQpLLCcegzs2mMRSjtLIVOH2Vdrg/j s+mXOrMw431ng6Wz+5imUkXZF5AR3KI3Z6WlTEpj1zJp6rzMQDqlO/QmNGIV6EEA3Z+N CGDvyfwQOf6495m8u6BoqQrVdZadlYlt+YMVr2NPXC8sOMkfTtEA0HNfsoMRGNu9AjvV lgGG4hR1C0uoxPnuqS4XNkRbW/A+qkGBn2/P7sGpe0T4cnrP6cCIZvbSNQc2GBbGEApV kDGw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zRLOq1kz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id 586e51a60fabf-32d3233842csi362252fac.1.2025.09.15.01.57.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 15 Sep 2025 01:57:28 -0700 (PDT) Received-SPF: pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=f1UYYxaYjpG2p2o+GmR+IlgilIaXSn3tKLFUQE4+Ea1aOtN2DoLEKKr3NmML1G8I8EJn3e12P01W5wB+hv2vV7T9FA+78/jJQITXyvu0I0aBtdxAF83/z5Hmz/EHQRUtYRpQqCnLtOon+Xtz3G1hi1emlyIZNm1EwTPuaQWN5bs9o6+rbzV/gV6QKlJiO4GBcpwXEWo4Jsoe2ij3De4HOINQ6RV3SJri9sT4o6MH4R34Cq5y7TIZRDTkFdMq82MI25L8khMw77tZJakVVO3KxgB6kaupcK3aT0BsDWbO04NrvpS/gFAwtMCJYJg+Xgnp0Ahut+vXHAajSd1c+WpANg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JCZoPoWRm317NlJmUCfXvcEVTLnLD7+nkkxmd3ycgvQ=; b=EBoD9Cyf9LIGtOw3iysAcSbbnYXXCWtYSaCReePqXkCQFFCJFGJCp5vN8naPQ4E6muJ8s+gAgufBsW2eCApQxEg9mU/4wrL/NiKHwYrC967ATWs7oZyQgKZPhnFtevrKwD/RzRhU9Mepai2dsk0f8vjYXcwVkI2NqE/7IRdSdtCJ8l4y2LmdgOEjPvhs1zdHACJawvoTQ9SgAGinKvh9/RRKIrNoP/xcu8cttJYAc/i1TcAL0VdC6CMHN8JwpjmV4QsFSt3hFh4RDG1+7Bz7GQM3Oa7W5geTp75KmzW+NzFG0cVEeuuU1ZvOgre++oS0FKOP/BZs9CRbzkHMo9W3iw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:629::5) by AM7PR10MB3349.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:10b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9115.22; Mon, 15 Sep 2025 08:57:25 +0000 Received: from AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90]) by AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM ([fe80::b0ad:e93d:d30d:b90%4]) with mapi id 15.20.9094.021; Mon, 15 Sep 2025 08:57:25 +0000 From: "'cedric.hombourger@siemens.com' via isar-users" To: "isar-users@googlegroups.com" , "Kiszka, Jan" CC: "MOESSBAUER, Felix" Subject: Re: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs Thread-Topic: [PATCH v3 1/6] rootfs: introduce wrapper to run commands against a rootfs Thread-Index: AQHb5gjP1/KNtfAzRkywPQYgNpAOhrSUaVAAgAAIEoA= Date: Mon, 15 Sep 2025 08:57:24 +0000 Message-ID: <40ffc532715cbb285f2e41ec11909a7ff145da05.camel@siemens.com> References: <20250625193748.2681-1-cedric.hombourger@siemens.com> <20250625193748.2681-2-cedric.hombourger@siemens.com> <161b6da4-e7d1-4668-87aa-a0ae041fb8c6@siemens.com> In-Reply-To: <161b6da4-e7d1-4668-87aa-a0ae041fb8c6@siemens.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Evolution 3.52.3-0ubuntu1+intune x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AS8PR10MB7875:EE_|AM7PR10MB3349:EE_ x-ms-office365-filtering-correlation-id: da56b4ab-5deb-4bd4-7741-08ddf435e3ff x-ms-exchange-atpmessageproperties: SA x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700021; x-microsoft-antispam-message-info: =?utf-8?B?dlpLOVhHYk1WVldyd3l0VDZtQ21TdWNSM3lZOElCL1hYVkN2c2ovS2tVWjhJ?= =?utf-8?B?S0xNS1QrcDdKbmI1UXZlY3krcjFXcXBsanludFZPK1FObERIMlZsdTFMeUt0?= =?utf-8?B?akZlUHBKUWQvS3ZLeFdCM0pSNzBnTjArazhhbUhGaG8zTmtlUGxzWFYxNVpk?= =?utf-8?B?aFB6QXNCT25GT2tndXh1ZjRNVlhSN3pyczlpNVcyQmYxcEJZRGR4cFYrVEtT?= =?utf-8?B?Nkllb21aQ0g5UXJFQ1YvQ054dWtPb09CeGhuK0ZoZDVIOE1VWkpsQmxiaFlE?= =?utf-8?B?REN1SHFiVXB4RHE2SHVYVTVBUlhJblhoL2FRNkp2T1cxSUxiU1NXVVFhZGZF?= =?utf-8?B?cXR3b3pVVUdlM2RnTTFoU1BtWnNtSFB0QTlUb3kvZVRQOUROQkdrcEtDWDdP?= =?utf-8?B?R0xjbTdlMThqN0sxM1JtR2NPUm5Od0lXSnJEc1daUDYxT0JkUHM2aEtOendj?= =?utf-8?B?VUJWODJRTm13aFVUakgvaWY3WnFUSjJIZjZGdEQydTFJSEZ4QnNRbVgvckhS?= =?utf-8?B?WUNQQjdROUhjdTl1c1draTdqUlBPaUFTaE1Nc0RZRDJjWW9YNG8vdFI2Ynh3?= =?utf-8?B?QWxXVlJwb0tNZVYvVmkySkxKVzZaRXl4S1dQVUtlUXhncVlPcXlDK3VRRkFo?= =?utf-8?B?N0JzSyswUWQySWUxMWsvdFZ6OFRNRG44dHpEYlp5eXBycGRWSE05eFNaeC84?= =?utf-8?B?MWwzYVFXN0gyMmNscHpDamlIbXhRMCtjS3dMcUZ5Q0VZcFAySDhWUE8yb1VS?= =?utf-8?B?T0VZbytkbUpGTzlkTjF1YisvT0Rsa3BwQ1dXV3VRZW1vODczcHMwV0RIRU5h?= =?utf-8?B?NW1NcElDK1pwUDNZbUtkejIzbUZmM2VwbVU4eVMyMmpxc255UlQ3MEphQllW?= =?utf-8?B?dTVFUEk2S09BRXU1SkxjWUJpUGt2bzVUN1FRY0FwQnRrR2E0YlFOL1ZnTDFE?= =?utf-8?B?SkZHQVQyd21mWjFVZTFjTkgwTnNYOThpYU1iUVAzNHBUdVVJV0drd1FvcEdz?= =?utf-8?B?dXlqM3VqMXBVS0ZtdDliaTFqYXlRdWRyb2ZUczB4RVcrNEpabWhKUjRGNkRw?= =?utf-8?B?WkovTGk3TnA1aEJzSFZmVU5xZ2hHaERDbjZNVHFoNVRwZ0xWcm8wOUd4NzZs?= =?utf-8?B?ejFkYm5Wb0JORmVRaG9MajJCYkdha29GQXd2S0dFL1UzdlAvbEdyTFMrUnNt?= =?utf-8?B?NjVEcHowMkdpMXhjRkQ2ZkZyMStLdTg2MmlhZTVoK3lyV2xENTFYdGJGWFZS?= =?utf-8?B?M3h5QU10WG13bS9HY1hZNGJoNXZCblEwQkV2SXUzNERuSUcxWmpzbDlGRTgw?= =?utf-8?B?bk16T3BkZmI3WGlBem8rQ1BhZmhmWHhTS3p0eUNyZkFjZHJwZFE5bldTb3Nn?= =?utf-8?B?MFBVQTBtSmNsbFBUMFdZeTlZSmprTDBDTzRWWkRYd0ZONUsydU1xVXlYUTdG?= =?utf-8?B?R0VjTVRZMm5EZllIVDhFVk9XNkc1bTVRTFRnVlQxK3R6RlNOYU4zL3liajVw?= =?utf-8?B?N1BaUlNKOTNMNjFpL1VOdmJ2NGN6SXZ2c1VNSjNoQXd1bWdyT0ZMTS8rMnYz?= =?utf-8?B?VU03VHpSaGw5NmRMQS9nNjhNaWI1SUNNcis4RWZWWm4xV21uZm9vbk9ieUU4?= =?utf-8?B?blpJNjNtTWVwYmNOUGtxbUtKcHpycERWVzVOdFpwNGxsQ0wrbHZsTzVHVDI5?= =?utf-8?B?RUdnTlVEdXd4ZjJJbExacVVZd25IYmc4R2lkSlVsdVRXbWZuRmxLTTYvaEhI?= =?utf-8?B?N3NCRHlNTTRYaEJQbVE4YVhsY1h2Q0dsclBXRjhZanBEZzFLUW93N3Vxa1pH?= =?utf-8?B?NjBRT2R6TmtlQi91Z0NySGdhYUZ6NW1ST0NjVzhmQzFiY3FhUWpDWFphb0I5?= =?utf-8?B?dUpDMitGSUNKR1RMVDJOclJ6dUVYRDBHeWlaL2t3ZklSUmpEZTlocVlZSmJm?= =?utf-8?Q?ZoFIRw5EY4k=3D?= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700021);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?B?NkVrcHRvR3RmNVloZVdiSm5Ddk16MlNmaGNNRHZkTFVpclVZcHRmYitPWldH?= =?utf-8?B?cUxLa3JiWUh0WVd0cFRFR3A2Lyt0WHI0VDdMUGd0ZXZPT1F1RXhiYlRSaVRv?= =?utf-8?B?WG1LcmdlOGJjUm41bXVYVTh6OXhEVW1zMGM1T0xJclBQUkk5UDVhaUdLSWVa?= =?utf-8?B?TTVseWF5YnNMdEp0eWs2Z3VKV1VjdGkwT0NWV0hoN1I3Tkp6TjFBblA4YWwr?= =?utf-8?B?ZDQ2ZmgyUFZGYllDMFFLbTMvTGdzLzVHMXJHSFk4SGM3S0xhSFdPWlFWNmNI?= =?utf-8?B?cG5rVHRDKzFXK2tJZDBPOVgwTDFrYXNIellEK1cvaEtPT2owM3puOEl0REk2?= =?utf-8?B?enFicFhaR1d2dk5MQkU3SlZlYmdMVGRBT0p1UFB6aCs1VWVkYTlZSG4vT0Fw?= =?utf-8?B?MWQ3SlZ0OGJJMmlOaW10cW42RXVJYWJqVlkrVGRWdVVNV1VZZXIwWHdmL1BB?= =?utf-8?B?ZU1KZFRqNzFhNEFCWE9FVC9wTjllZWsvTHZqaE1xalJWMFppNmpSQkxjbThS?= =?utf-8?B?NjBZSjZXL21yNlI3dmhjenBBMVBZSGk5T3RqWE5nR051cXpqMlFVNEFRWDNR?= =?utf-8?B?VHBzMGUvQVZrY0YvSjFMWXA4L1VQVUFreEZlb3U2d0tGR3dEdGlQaWloWDFy?= =?utf-8?B?UDlhcTAxdDBlc1Z6bHNHZFdBNFZDRDZmNVBhb0Y0clRiRnFtNG5lLzlmOTRx?= =?utf-8?B?VzZhd3pCb0l5TnJ4ODZNTGlGaE50NE0yN0RZY3huWHBMSFhRVjE1a3JPR3JC?= =?utf-8?B?L3dXbmVkSVVFM2NOM0hTN1J4R0VGRHUzck5Yc0NuaXJPOUN4bGRzNGhvVmJQ?= =?utf-8?B?NmFYUmNHRjJuclNUZHF0U09kUEU5T1pNOWJ6WHFuT3A1Sjd5bTA4RnMwVHVV?= =?utf-8?B?VVl6ZEhXN3Fkb0YrU01qOElva09mcXF0ejdUMXNqa3p6WWRzL1Q0dmhlQm8y?= =?utf-8?B?bjhob2g3bHNDMWtkTEVkbmdESm1odVU2SGMrK2ZqR3hYWFFsTTRWZnZrQXBq?= =?utf-8?B?WTBUUlRNWndscVFqUzFhYXBmdklFRGUvT2lPTU1oWWRLZjRwS0FFUjVsSVFT?= =?utf-8?B?YVRiUGZydWFkUkVCTFdHT2FEV2RlTjdSbnZoK2w1MWp2TnpuNnc3R0luOXNW?= =?utf-8?B?MXFCNmwwTTIwNUxIeVlTN0VHbXlHL3VsYzBWYUdXcTZtZU5wNS94eGk0TldX?= =?utf-8?B?ZHhjNWNUNXFwcGpSSzJrNlArQmhpOGJwVHlRd25aNVlnRVd6TUhvdUdtUm15?= =?utf-8?B?TTFSemxwMTY1dWxCWDZnTm1UdXpGaDBtTVlQVVdLOFdMamFzVXgrZmZaaytW?= =?utf-8?B?UlhIV1cwYVFMbTVrS0dUK3c1Q2ErQUxEVFU3RkNyV0UxQzB4cUxyVEdLS0hG?= =?utf-8?B?d3hjaFl3bmlwL2l5R1BlaS9wc01LUndxenVhalVQaE5LL2hML2lzb3lLcGFJ?= =?utf-8?B?c2JiRlYzS3FNWDJSQXZ4ZlVoNHBrbGFXV05qbTlSUW5KUy8rb25idHROUEE5?= =?utf-8?B?SHZUbHc1QWVrNVdHdmRpa0dBa1AzcUczTlV6MEFTVGFFenpHVmoxNmRCaE44?= =?utf-8?B?QStVUFBXRjFrMzlNVXVvVWZhK1Y0UkF6K1Q4NGMxV1B0Qk5hUWs4eU52TGtu?= =?utf-8?B?dUZhT2M2MHJyZXZWTlRuTko5S3RNbVFwQ0pkaExiSGE1VVFnMGNhQUYyK2Jj?= =?utf-8?B?VklwQWJMY3JCejNoVDFodHdQRXh2TkhaNFEvbWpjelNaZ2JzZ1NlazRhaG1l?= =?utf-8?B?Z2NXYVFvaFRUaVk3cERodDV3N1hzaFp2R2hQUkFUN0ZUcWdEZ2oycnh5S1Q3?= =?utf-8?B?SUdNRDdVN0gxRnJDSjhqQ3pieXRhdnEvOWN2cGJNcExiaXd1SU9pTGdENHBH?= =?utf-8?B?V1cyME84Sk5ZTmlhN1NNUGE5K0hZU2pPcmQ4bjZ5MTBVcWMrTTJvckZ6RVhH?= =?utf-8?B?OFRqSlUxd1NwM1NVWGdMZ0hscjBuZWNqQUNtajVoN1J5eDBIZG5Va1RJU3Za?= =?utf-8?B?ckxaUUtsTUNCWXdwMlpkc0ttbWR5VEZiWmlvRVlzR1ZkS0NENHo0SGViU2Jj?= =?utf-8?B?UEd5N3ZlU2Z5UHJMTzBHQTh5eDR3cUF4V2FwMU1DMXd5UXFDcm5wMzQxTVI0?= =?utf-8?B?M0hGVjBNNWhXVHJEYXAzWVkwdUEzQzBLUkVFN2dXcE9iaEJKUk1iRndENTNR?= =?utf-8?Q?cQO+8yNaVv8amdS9qGQ8sB0=3D?= Content-Type: text/plain; charset="UTF-8" Content-ID: <5EDE0DC961D0294AA5ADBA6E71291B3C@EURPRD10.PROD.OUTLOOK.COM> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AS8PR10MB7875.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: da56b4ab-5deb-4bd4-7741-08ddf435e3ff X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2025 08:57:25.1533 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: NN4LuF72lcYnc6zkROaOlGblHSJT+0Fa4UQS5VVXhCxO2V6fwof4jPWJ8LnXjFV2cdaXNKdSLYpTJG+MlhFRd+4ZNSQvUMG9mvgF4BPnsRE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR10MB3349 X-Original-Sender: cedric.hombourger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=zRLOq1kz; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of cedric.hombourger@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=cedric.hombourger@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: "cedric.hombourger@siemens.com" Reply-To: "cedric.hombourger@siemens.com" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: Nm2wsn624yOy On Mon, 2025-09-15 at 10:28 +0200, Jan Kiszka wrote: > On 25.06.25 21:37, 'Cedric Hombourger' via isar-users wrote: > > "sudo chroot" is used in several places to run commands inside > > rootfs > > directories constructed by Isar. There are cases where a command > > could > > be used without elevated privileges as long as special folders such > > as > > /isar-apt are mounted (they are often referenced as /isar-apt in > > configuration files found in the target rootfs). For such cases, > > bubblewrap may be used to create a non-privileged namespace (either > > in a bare/native environment or within a docker/podman container) > > where the command will be executed as if chroot had been used. The > > rootfs may also be the host root file-system: this should however > > be used with care to avoid host contamination problems (note: Isar > > already relies on a number of host tools). >=20 > Where does this take the commands from then, the host env or some > better > defined rootfs that is aligned with the target rootfs release-wise? > Is > that controlled by the caller or implicitly by the wrapper. rootfs_cmd is a general-purpose helper and does not select a rootfs of its own where it will run commands from. This is left to the caller to decide. given a rootfs, it will let bubblewrap create a namespace with relevant mappings, optionally chdir to a specified directory and run the user-specified command. >=20 > I have to remind that we cannot blindly use host-side tools on the > target rootfs (except for the very basic ones) as the latter may be > newer than the former and not necessarily compatible. Agreed. if we agree on introducing rootfs_cmd then uses shall be audited. Reliance on host-tools shall be kept to a minimum to avoid host-contamination problems but also avoid incompatibilities as you have correctly noted. We can debate whether the 1st user of rootfs_cmd from this patch series (using apt to download source packages from a target rootfs) should have used apt from / (hopefully a kas-container but not guaranteed) or from Isar's host rootfs. With mmdebstrap (used from /) using apt (also from /), I felt that it was ok. If you prefer that I switch to have rootfs_cmd call apt from an Isar host rootfs then I can rework the patch series to do so. We may have other cases where we need a host tool (pulled into an Isar's host rootfs) to operate on a target rootfs. Please advise. >=20 > Jan >=20 > >=20 > > Signed-off-by: Cedric Hombourger > > --- > > =C2=A0RECIPE-API-CHANGELOG.md=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 7 ++++ > > =C2=A0doc/user_manual.md=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 |=C2=A0 1 + > > =C2=A0meta/classes/rootfs.bbclass | 67 > > +++++++++++++++++++++++++++++++++++++ > > =C2=A03 files changed, 75 insertions(+) > >=20 > > diff --git a/RECIPE-API-CHANGELOG.md b/RECIPE-API-CHANGELOG.md > > index 8468717d..18b90555 100644 > > --- a/RECIPE-API-CHANGELOG.md > > +++ b/RECIPE-API-CHANGELOG.md > > @@ -727,3 +727,10 @@ Changes in next > > =C2=A0 > > =C2=A0This was never documented and never had practical relevance. `oci= - > > archive` is > > =C2=A0the useful OCI image format that can be imported, e.g., by podman= . > > + > > +### Require bubblewrap to run non-privileged commands with bind- > > mounts > > + > > +Isar occasionally needs to run commands within root file-systems > > that it > > +builds and with several bind-mounts (e.g. /isar-apt). bubblewrap > > may be > > +used in Isar classes instead of `sudo chroot`. It is pre-installed > > in > > +kas-container version 4.8 (or later). > > diff --git a/doc/user_manual.md b/doc/user_manual.md > > index ca551a0d..a4fff34a 100644 > > --- a/doc/user_manual.md > > +++ b/doc/user_manual.md > > @@ -75,6 +75,7 @@ Install the following packages: > > =C2=A0``` > > =C2=A0apt install \ > > =C2=A0=C2=A0 binfmt-support \ > > +=C2=A0 bubblewrap \ > > =C2=A0=C2=A0 bzip2 \ > > =C2=A0=C2=A0 mmdebstrap \ > > =C2=A0=C2=A0 arch-test \ > > diff --git a/meta/classes/rootfs.bbclass > > b/meta/classes/rootfs.bbclass > > index 5f877962..429494ae 100644 > > --- a/meta/classes/rootfs.bbclass > > +++ b/meta/classes/rootfs.bbclass > > @@ -34,6 +34,73 @@ export LANG =3D "C" > > =C2=A0export LANGUAGE =3D "C" > > =C2=A0export LC_ALL =3D "C" > > =C2=A0 > > +# Execute a command against a rootfs and with isar-apt bind- > > mounted. > > +# Additional mounts may be specified using --bind > > and a > > +# custom directory for the command to be executed with --chdir > > . The > > +# command is assumed to follow the special "--" argument. This > > would replace > > +# "sudo chroot" calls especially when a native command may be used > > instead of > > +# chroot'ed command and without elevated privileges (the command > > will likely > > +# take the rootfs as argument; e.g. apt-get -o Dir=3D${ROOTFSDIR}). > > If the > > +# optional rootfs argument is omitted, the host rootfs will be > > used (e.g. to > > +# run native commands): this should be used with care. > > +# > > +# Usage: rootfs_cmd [options] [rootfs] -- command > > +# > > +rootfs_cmd() { > > +=C2=A0=C2=A0=C2=A0 set -- "$@" > > +=C2=A0=C2=A0=C2=A0 bwrap_args=3D"--bind ${REPO_ISAR_DIR}/${DISTRO} /is= ar-apt" > > +=C2=A0=C2=A0=C2=A0 bwrap_binds=3D"" > > +=C2=A0=C2=A0=C2=A0 bwrap_rootfs=3D"" > > + > > +=C2=A0=C2=A0=C2=A0 while [ "${#}" -gt "0" ] && [ "${1}" !=3D "--" ]; d= o > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 case "${1}" in > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --b= ind) > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 if [ "${#}" -lt "3" ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bbfatal "--bind requires two = arguments" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 fi > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 bwrap_binds=3D"${bwrap_binds} --bind ${2} ${3}" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 shift 3 > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ;; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --c= hdir) > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 if [ "${#}" -lt "2" ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bbfatal "${1} requires an arg= ument" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 fi > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 bwrap_args=3D"${bwrap_args} ${1} ${2}" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 shift 2 > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ;; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -*) > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 bbfatal "${1} is not a supported option!" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ;; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 *) > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 if [ -z "${bwrap_rootfs}" ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bwrap_rootfs=3D"${1}" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 shift > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 else > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bbfatal "unexpected argument = '${1}'" > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 fi > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 ;; > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 esac > > +=C2=A0=C2=A0=C2=A0 done > > + > > +=C2=A0=C2=A0=C2=A0 if [ -n "${bwrap_rootfs}" ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bwrap_args=3D"${bwrap_args}= --bind ${bwrap_rootfs} /" > > +=C2=A0=C2=A0=C2=A0 fi > > + > > +=C2=A0=C2=A0=C2=A0 if [ "${#}" -le "1" ] || [ "${1}" !=3D "--" ]; then > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bbfatal "no command specifi= ed (missing --)" > > +=C2=A0=C2=A0=C2=A0 fi > > +=C2=A0=C2=A0=C2=A0 shift=C2=A0 # remove "--", command and its argument= s follows > > + > > +=C2=A0=C2=A0=C2=A0 for ro_d in bin etc lib lib64 sys usr var; do > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 [ -d ${bwrap_rootfs}/${ro_d= } ] || continue > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bwrap_args=3D"${bwrap_args}= --ro-bind > > ${bwrap_rootfs}/${ro_d} /${ro_d}" > > +=C2=A0=C2=A0=C2=A0 done > > + > > +=C2=A0=C2=A0=C2=A0 bwrap --unshare-user --unshare-pid ${bwrap_args} \ > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --dev-bind /dev /dev --proc= /proc --tmpfs /tmp \ > > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ${bwrap_binds} -- "${@}" > > +} > > + > > =C2=A0rootfs_do_mounts[weight] =3D "3" > > =C2=A0rootfs_do_mounts() { > > =C2=A0=C2=A0=C2=A0=C2=A0 sudo -s <<'EOSUDO' >=20 >=20 --=20 Cedric Hombourger Siemens AG www.siemens.com --=20 You received this message because you are subscribed to the Google Groups "= isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/= 40ffc532715cbb285f2e41ec11909a7ff145da05.camel%40siemens.com.